FBI: Suspected Zotob Makers Arrested - InformationWeek


The FBI says two men were nabbed in Turkey and Morocco, and charged in connection with Zotob and the earlier Mytob and Rbot worms.

Two men have been arrested by local authorities in Turkey and Morocco, and charged with creating and distributing the Zotob and Mytob worms, as well as the Rbot bot worm, the FBI announced Friday in a conference call with news media.

Farid Essebar, 18, a Moroccan national born in Russia and known by the moniker "Diabl0," was arrested by Moroccan authorities, while Atilla Ekici, aka "Coder," a 21-year-old resident of Turkey, was grabbed by Turkish police.

The two are believed to be behind the Zotob attacks that began last week, quickly infected thousands of machines worldwide, and brought down some corporate and media networks running vulnerable Windows 2000 PCs. They are also suspected of being behind Mytob, which harks back to February 2005, and Rbot, an IRC-controlled bot which debuted in August 2004.

The FBI's investigation doesn't go back that far, but it did begin long before the Zotob outbreak, said Louis Reigel, the assistant director of the FBI's Cyber Division.

"We started our initial investigation [of Mytob] in late March, but it became very aggressive in the last two weeks," Reigel said. "The arrests were made from a trail that came to light in the last two weeks [since Zotob]," confirmed Brad Smith, Microsoft's general counsel, who also participated in the call.

According to the FBI, Essebar was the one who wrote the worms and bots, and was then paid for his work by Ekici. "There was a financial relationship between Essebar and Ekici," said Reigel, "and we believe that there was financial gain on the part of the Moroccan, Mr. Essebar."

Microsoft, said both Reigel and Smith, was instrumental in tracking down the pair. Microsoft's Internet Crime Investigations Team began monitoring the first wave of Zotob attacks last week, and used that information, as well as technical analysis of the worm, to "follow the electronic trail back to the source, so to speak," Smith said.

Microsoft's Anti-Virus Reward program, which started in 2003 and offers bounties of $250,000 for information that leads to the arrests of some worm writers, didn't play a part here, said Smith. "The arrests were not made based on a tip-off; they were based on our Internet Crime Investigations Team."

Microsoft's reward program has had spotty success, although it contributed to the arrest last year of the Sasser worm writer, a German teenager who was convicted and sentenced in early July of this year.

Both Essebar and Ekici will face charges in their home countries, Reigel said, although he wasn't able to detail the exact charges which had been filed nor the possible penalties. There is no plan to extradite the two to the United States, he added, in part because there is no extradition treaty with Morocco.

Nor would either Reigel or Smith of Microsoft speculate as to the motive for writing and distributing the various worms. Although some media reports -- including one out of Morocco -- claimed that the two men were involved in bankcard fraud, Reigel said there was no evidence of that.

"We have no information that this case relates to identity theft or bank fraud," said Reigel.

Smith praised the FBI and the cooperating overseas law enforcement for jumping on the case so quickly. "I think that such fast law enforcement action spanning not only multiple countries but multiple continents speaks volumes about the progress law enforcement has made against cyber criminals," Smith said.

He also defended his company, which is frequently lambasted for its many security problems, by claiming, as have other officials, that the root cause for the attack isn't necessarily Microsoft's fault, but is due to the overwhelming popularity of its products.

"We have very popular products, and so we're put under this kind of pressure," said Smith. "But security remains our highest priority."
